[QSA-00117181] Linux kernel vulnerability
Qlustar Security Advisory 0117181
January 17th, 2018Summary:
The system could crash or be made to run programs as an administrator. This update includes a fix for the dangerous Meltdown vulnerability. You're urged to upgrade your systems as soon as possible.
Package(s) : linux-image-ql-generic,
qlustar-module-core-trusty-amd64-9.2.0
Qlustar releases : 9.2
Affected versions: All versions prior to this update
Vulnerability : privilege escalation/denial of service
Problem type : local
Qlustar-specific : no
CVE Id(s) : CVE-2017-5754
A vulnerability has been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem(s):
CVE-2017-5754
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.
Update instructions:
The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):
linux-image-ql-generic 4.9.76-ql-generic-10.0-10
qlustar-module-core-trusty-amd64-9.2.0 9.2.0.3-b479f1115
